CVE-2022-23806

ADVISORY - nist

Summary

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

EPSS Score⁠: 0.00022 (0.041)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-252⁠

Unchecked Return Value

ADVISORY - redhat

CWE-252⁠

Unchecked Return Value

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.